Mistakes/glitches are going to happen in all cloud-based services - end users should seriously think about using encryption to protect key documents, so that even if they are exposed the risk of sensitive information falling into the wrong hands is dramatically reduced. At the same time anyone like google or other like amazon should think about adding encryption of the data - and giving control of it to end users.

2:00 pm March 9, 2009

sirvine@bandilaw.com wrote:

Encryption doesn't help much here, since the faulty access was given at the application layer. If the application says a user is authorized to see a file, the application is going to decrypt it too. And presumably, Google uses keys to manage authorized users/sessions...

This is strictly an application error, but one that would play out differently within a walled garden vs. the cloud.

2:25 pm March 9, 2009

wasim@voltage.com wrote:

I think I am proposing a system whereby encryption is separated from the application layer - and is preferably controlled by the user - so that an error/glitch/mistake that opens up access does not also lay open the document content. This type of approach exists in many forms - but it's up to the cloud service providers like Google, IBM Bluehouse, Microsoft, Yahoo etc to integrate it - and for that users need to ask for that extra safeguard.